Testing That a Website Uses Kerberos Authentication

How do you know if the IIS website is using Kerberos successfully and is not reverting to NTLM?

+3
6 answers

One way to verify Kerberos in code: the HTTP_AUTHORIZATION header for NTLM always starts with the following:

Negotiate TlRMTVNTUA

If the header does not start with that text, the browser is authenticating with Kerberos.

+3

The easiest way I can think of is to use Wireshark to view network packets and verify that your IIS server is requesting Kerberos tickets from your DC.

+3

Fiddler2 , NTLM Kerberos.

    Authorization Header (Negotiate) appears to contain a Kerberos ticket:
    60 82 13 7B 06 06 2B 06 01 05 05 02 A0 82 13 6F  `.{..+..... .o

    WWW-Authenticate Header (Negotiate) appears to be a Kerberos reply:
    A1 81 A0 30 81 9D A0 03 0A 01 00 A1 0B 06 09 2A  ¡ 0 ....¡...*
+3
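
The checks from the answers above, combined into one offline classifier (an added example, not part of the original answers or of Fiddler): it recognises the raw NTLM prefix `TlRMTVNTUA`, and for a SPNEGO token such as the `60 82 ... 06 06 2B 06 01 05 05 02` bytes in the Fiddler output it reads the first offered mechanism OID. The names `classify` and `first_mech` are hypothetical, and treating the first mechType as the mechanism in use is a simplifying assumption; the example goes slightly beyond the answers by also labelling NTLM offered inside a SPNEGO wrapper.

```python
import base64

NTLMSSP_SIG = b"NTLMSSP\x00"              # first bytes of every raw NTLM message
SPNEGO = bytes.fromhex("2b0601050502")    # OID 1.3.6.1.5.5.2
MECHS = {                                 # mechanism OIDs (DER content bytes)
    bytes.fromhex("2a864886f712010202"): "kerberos",    # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "kerberos",    # 1.2.840.48018.1.2.2 (Microsoft)
    bytes.fromhex("2b06010401823702020a"): "ntlm",      # 1.3.6.1.4.1.311.2.2.10
}

def _tlv(buf, pos):                       # -> (tag, value_start, value_end)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def first_mech(token):
    """First mechType OID of a SPNEGO NegTokenInit, or None (assumed = mech in use)."""
    try:
        tag, pos, _ = _tlv(token, 0)
        oid_tag, start, pos = _tlv(token, pos)
        if (tag, oid_tag, token[start:pos]) != (0x60, 0x06, SPNEGO):
            return None
        for expected in (0xA0, 0x30, 0xA0, 0x30):   # NegTokenInit -> mechTypes list
            tag, pos, _ = _tlv(token, pos)
            if tag != expected:
                return None
        tag, start, end = _tlv(token, pos)
        return token[start:end] if tag == 0x06 and end <= len(token) else None
    except IndexError:                    # token cut off before the mech list
        return None

def classify(header_value):
    """Label an Authorization header value: ntlm, kerberos, spnego-mech-not-visible, ..."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "other"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:
        return "malformed"
    if token.startswith(NTLMSSP_SIG):
        return "ntlm"
    if token[:1] == b"\x60" and SPNEGO in token[:16]:
        return MECHS.get(first_mech(token), "spnego-mech-not-visible")
    return "unknown"
```

Fed only the 16 bytes visible in the Fiddler output, `classify` returns `spnego-mech-not-visible`, because the mechanism list starts after the point where that dump ends.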

-.

KerbTray , SPN. Kerbtray ( , Win2000).

+1

, , - . auturb auth:

Successful Network Logon:
User Name:  {Username here}
Domain:     {Domain name here}
Logon ID:   (0x0,0x########)
Logon Type: 3
Logon Process:  Kerberos
Authentication Package: Kerberos
Workstation Name:   
Logon GUID: {########-####-####-####-############}
Caller User Name:   -
Caller Domain:  -
Caller Logon ID:    -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port:    -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
+1

, Negotiate Kerberos, Kerberos NTLM. , Wireshark ( Network Monitor) .

0
